Merge "Fix sepolicy for Gatekeeper HAL" am: 9d5f97b3

am: dfded77d Change-Id: I3a6e966ad54f4ea505dacb5c60269cc733e9212c

Merge "Fix sepolicy for Gatekeeper HAL" am: 9d5f97b3
am: dfded77d Change-Id: I3a6e966ad54f4ea505dacb5c60269cc733e9212c
5939dc8d · Janis Danisevskis · android-build-merger · 52c5bde4 · dfded77d · 5939dc8d
Commit 5939dc8d authored 8 years ago by Janis Danisevskis Committed by android-build-merger 8 years ago
--- a/public/gatekeeperd.te
+++ b/public/gatekeeperd.te
@@ -15,7 +15,6 @@ allow gatekeeperd system_file:dir r_dir_perms;
 ### Rules needed when Gatekeeper HAL runs outside of gatekeeperd process.
 ### These rules should eventually be granted only when needed.
-hwbinder_use(gatekeeperd)
 hal_client_domain(gatekeeperd, hal_gatekeeper)
 ###

--- a/public/hal_gatekeeper.te
+++ b/public/hal_gatekeeper.te
-# call into gatekeeperd process (callbacks)
+binder_call(hal_gatekeeper_client, hal_gatekeeper_server)
-# TODO: This rules is unlikely to be needed because Gatekeeper HIDL
-# says there are no callbacks
-binder_call(hal_gatekeeper, gatekeeperd)
 # TEE access.
 allow hal_gatekeeper tee_device:chr_file rw_file_perms;